Jostens, Inc.

Senior Manager, Governance, Risk & Compliance (GRC)

Jostens, Inc., Minneapolis, Minnesota, United States, 55400


SENIOR MANAGER, GOVERNANCE, RISK & COMPLIANCE (GRC)

Position: Senior Manager, Governance, Risk & Compliance (GRC)

Location: Minneapolis, MN

Remote Status: Hybrid

Job Id: 5532-10183

# of Openings: 1

ABOUT YOU

As the Senior Manager, Governance, Risk & Compliance (GRC), you will lead the enterprise-wide GRC program, overseeing policy management, security risk processes, third-party risk, and compliance with critical regulatory frameworks such as PCI DSS, SOX ITGC, and SOC 2. This role is both strategic and hands-on, requiring strong leadership, deep security expertise, and executive-level communication. You'll collaborate cross-functionally with teams in IT, Legal, Audit, and business units to reduce risk, strengthen security posture, and ensure compliance across global operations.

YOU WILL:

Lead the Enterprise GRC Program. Oversee information security policy development, control monitoring, and compliance initiatives across the organization.

Own the Policy Lifecycle. Manage the creation, review, approval, and communication of security policies, ensuring adoption and alignment with frameworks.

Drive Cybersecurity Strategy. Align security initiatives with organizational objectives, regulatory requirements, and executive priorities.

Manage the Risk Registry. Lead risk identification, scoring, treatment planning, and ongoing tracking in collaboration with business and IT stakeholders.

Advance Third-Party Risk Management. Conduct vendor due diligence, assess ongoing risk, and ensure contract language meets security/privacy standards.

Coordinate Compliance Programs. Lead audit readiness and evidence management for PCI DSS Level 1, SOC 2, and SOX ITGC audits.

Oversee GRC Platforms. Manage tools like ZenGRC to automate control workflows, risk tracking, and policy approvals.

Deliver Executive Reporting. Provide leadership and Board-level reporting using dashboards, metrics, KRIs, and business impact narratives.

Lead Security Awareness Programs. Oversee company-wide and targeted training programs, and champion a culture of security awareness.

Collaborate Cross-Functionally. Serve as a bridge between Legal, Audit, Engineering, IAM, and Security Operations, ensuring alignment and accountability.

Support Emerging Risk Areas. Contribute to governance programs related to AI, cloud security posture, OT/IoT, and business continuity.

Supervise & Develop Talent. Lead a GRC team based in the Dominican Republic, fostering professional growth and aligning resources to strategic goals.

Typical/expected % of overnight travel:

YOU HAVE

Education: Bachelor's degree in Information Security, Computer Science, or related field required.

Experience: 8+ years of progressive Information Security experience, with at least 5 years in GRC-focused leadership roles.

Team Leadership: Proven experience managing and mentoring security teams (3–5 direct reports, contractors, or consultants).

Policy Management: Demonstrated ability to manage the full policy lifecycle (development, approval, publication, communication, and adoption).

Risk Management: Direct experience with enterprise risk management programs, risk registry ownership, and risk reporting to executives.

Control Assurance: Experience establishing and monitoring continuous control monitoring and assurance processes to validate control design and effectiveness.

Compliance: Hands-on leadership of PCI DSS Level 1, SOX ITGC, and SOC 2 (Type 1 and Type 2) programs, including audit readiness and evidence management.

Framework Knowledge: Strong knowledge of ISO 27001/27002, NIST CSF, and other security and risk frameworks.

Third-Party Risk: Practical experience with third-party/vendor risk management and platforms such as OneTrust.

Contract Review: Experience reviewing and negotiating security and privacy clauses in vendor and customer contracts, in partnership with Legal and Procurement.

Business Continuity: Familiarity with backup immutability, disaster recovery, and business continuity testing as part of compliance and risk assurance.

Executive Reporting: Skilled at translating technical risks and control health into executive and board-level reporting (KRIs/KPIs, risk heat maps, dashboards).

Program Management: Strong ability to manage multiple projects, priorities, and compliance obligations simultaneously.

Certifications: Relevant certifications such as CISSP, CISM, CISA, CRISC, PCI ISA, or equivalent.

Communication: Exceptional ability to influence, present, and communicate risk concepts to both technical and non-technical stakeholders, including senior executives.

PREFERRED QUALIFICATIONS

Industry Knowledge: Experience in manufacturing and/or retail industries.

Privacy: Knowledge of privacy compliance requirements (CCPA/CPRA, GDPR) and alignment of security with privacy programs.

Cloud/SaaS Security: Familiarity with SaaS and cloud platforms (AWS, M365, Salesforce, Snowflake).

GRC Tools: Hands-on experience with enterprise GRC platforms such as ZenGRC and OneTrust.

Emerging Tech: Awareness of AI governance, cloud security posture management, and OT/IoT security frameworks.

Continuous Improvement: Experience in maturing security programs using industry frameworks such as NIST CSF maturity models.

LOVE WHERE YOU WORK

We care about your health. We offer competitive healthcare (health, dental, vision coverage) in addition to voluntary benefits including home and car insurance, pet insurance, flexible spending account, amongst many more.

We invest in your future. Our 401K plan has immediate vesting, so you can start saving for retirement right away.

We believe in flexibility. We offer a hybrid schedule with on-site work 3 days a week.

We want you to unplug when needed. We believe in taking your time off without guilt and offer accrued paid time off and company paid holidays. *For Washington residents, you will receive 13 vacation days, 8 paid sick leave, 8 company paid holidays, and family paid leave.

We care about your development. We support tuition reimbursement after 6 months of service.

We believe in pay transparency. The salary range is $144,500 - $176,500 with annual 20% bonus eligibility.

APPLICATION DEADLINE: October 31, 2025

ABOUT US

Jostens leads the student commemoration market and has been serving local communities for over 125 years. We work with thousands of K-12 schools, colleges and universities each year, and have the honor of partnering with beloved sports teams and esteemed organizations across the country. Our iconic products, like yearbooks, letter jackets, class jewelry and championship rings, keep meaningful traditions alive and inspire millions of people to celebrate their unique stories, milestone moments and biggest accomplishments every year. We have 13 first-class facilities across the globe, from North America to the Caribbean.

ALL ABOUT TECHNOLOGY: Our Technology organization combines planning, analysis, and development in combination with both enterprise retail and manufacturing platforms as well as custom development using primarily Java, web services, and web application frameworks like ReactJS/NodeJS. The Technology organization manages priorities through centralized quarterly planning in close collaboration with business decision-making and strategy, directly supporting leadership in Marketing, Sales, Digital & Operations. Delivery is typically managed through an agile, two-week scrum or Kanban methodology leveraging a suite of Atlassian products. The Technology teams are structured organizationally to focus on key platforms and the business units that they. Through the utilization of best-in-class technical software, such as AWS, Tableau, SAP BPC, Oracle EBS, Salesforce, & Microsoft 360, you will get to play a critical role in determining technology solutions that steer our business. Jostens allows for a hybrid work setting that focuses on creating professional and personal development. We can't wait to show you what our Technology Team has to offer at Jostens!

AMERICANS WITH DISABILITIES ACT (ADA): Jostens is committed to the full inclusion of all qualified individuals. If reasonable accommodation is required to fully participate in the job application or interview process, or to perform the essential functions of the position, please reach out to our HR team at recruiter@jostens.com or (952) 830-3300. Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply.

Jostens provides products, programs and services that help our customers celebrate moments that matter. Our mission is to Capture. Celebrate. Inspire. We extend our mission to working with our valued suppliers to partner with us to provide keepsakes designed to help consumers capture and celebrate moments that matter, and inspire them for a lifetime. The Jostens team is passionate about living and practicing our values, our Code of Conduct, and our commitment to sustainability in every interaction. Every member of the Jostens team is accountable to customers and suppliers to act with integrity and responsibility, to respect and recognize others, and to embrace change. We believe that living our values is required to earn customer loyalty and meet the expectations of all our stakeholders. It is through our mission and values that Jostens conducts all business with respect to the customers we serve and the communities in which we work.
